Exchange Domain Servers Inheritance Block

I asked a question about how to solve the Permissions inheritance block on Exchange Domain Servers Group Object

Access control list (ACL) inheritance is blocked for the Exchange Domain Servers group object in domain 'laxeypartners.com' (CN=Exchange Domain Servers,CN=Users,DC=laxeypartners,DC=com). This may cause mail flow problems, recipient update service failures and other service outages. Use the Active Directory Users and Computers program to re-enable inheritance on this object.

....a while ago and I got an answer which confirmed what I had to do, basically tick the box so the Group inherited from it's parent.

I did that and the Exchange 2010 BPA stopped complaining, however on running it again a few hours later, it's back to complaining about it until I re tick the inheritance box.

So my question now is, why does it keep reverting back to the unticked state?

I think the problem was (as you suggest) the Exchange Domain Servers was a member of Domain Admins. I've removed it from there and the permissions seem to be holding now. i'll check again on Monday and award the points and close the call.

Featured Post

Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why